We analyzed 100 political candidate websites during the 2018 midterm election and found widespread use of tracking
It used to be so easy to figure out what a web server was doing by examining its underlying HTML coding. Those days are sadly a thing of the distant past. Today’s web servers do so much more: they consolidate a lot of information from various sources, including ad banner networks, images, visitor analytics, tracking cookies, content distribution networks and more. Sadly, this complexity hides a lot of abuses to your privacy.
We studied a group of 100 different political candidate websites during the 2018 midterm elections and found two basic issues of privacy abuse:
Canvas fingerprinting refers to coordinating a series of tracking techniques to identify a visitor using what browser, IP address, computer processor and operating system details and other details. To give you an idea of the data that the browser collects without your knowledge, take a look at the screenshot below from BrowserLeaks.com. It shows my computer running Chrome on a Mac OS v.10.13 using Intel hardware.
What makes this worse is that more than half of the candidates’ websites we examined did not have any stated privacy policies linked to their home pages. That means they could be sharing your private data without your permission.
These results agree with a similar study done by Ghostery looking at a larger sample of candidate websites for the 2018 midterms. They found trackers on 87% of all websites, with 9% of sites having more than 11 different trackers present. Google and Facebook trackers appeared on more than half of the websites and Twitter-based trackers appeared on a third of the candidate webpages. Republican candidates had 16% more trackers on average than Democrats. (Our research found in general the two parties had similar numbers of trackers.)
Our research also found that some candidates’ websites were using well-known trackers that have had privacy abuses in the past, such as AddThis.
Why are these tracking technologies used? The simple answer is that they want to micro target their campaign advertising and shape the particular ad or pitch they want to show you. They use the canvas fingerprint to collect which news sites you visit, what kind of information you consume, and where you spend your browsing time.
There are two alternative privacy-oriented browsers that you can use to block fingerprinting. One of them is the Avast Secure Browser. This is available on Windows, Mac OS and Android and supports a number of privacy-enhancing features including preventing third party tracking, stopping websites from identifying your unique user profile, a better DNS implementation and built-in VPN. There is also the Tor browser, which has some of these protective features also built-in (and also available for Linux), and various things you can do to harden Firefox browsers.
There are three other tools that can run on a variety of standard browsers: Avast’s AntiTrack, PrivacyBadger and Ghostery. AntiTrack hides your digital fingerprint from techniques like canvas fingerprinting without breaking functionality. You can clear any tracking data and cookies on a regular schedule, be notified of any fingerprinting, and whitelist particular websites that you know are safe.
There are also two browser extensions. Privacy Badger is from the Electronic Frontier Foundation, and is focused on the consumer who is concerned about his or her online privacy. When you call it up onscreen, it will show you a list of the third-party sites and has a simple three-position slider bar next to each one: you can block the originating domain entirely, just block its cookies, or allow it access. Ghostery works a bit differently, and ironically (or unfortunately) wants you to register before it provides more detailed information about third party sites. It provides a short description of the ad network or tracking site that it has discovered from reading the page you are currently browsing. The two tools cite different sites in their reports.
How will this all shake out for the upcoming November elections? There are several things to consider:
In the first installment of our "What Does the Internet Know About Me?" series, we compare the information that Fitbit delivers to users with personal data that the company collects.
The single sign-on (SSO) authentication protocol has come a long way since its inception in the 1980’s, and it is likely to be a key component of our digital world in 2021 and beyond.